diff options
author | Luke Shumaker <lukeshu@lukeshu.com> | 2017-05-10 17:35:20 -0400 |
---|---|---|
committer | Luke Shumaker <lukeshu@lukeshu.com> | 2017-05-10 17:35:20 -0400 |
commit | 0f84dd566f9a09ff2bf9c421c57f92c0940720f3 (patch) | |
tree | ad55de626764ceb7056299d6f54048af2bc60e9e /src/grp-initprogs/systemd-sysctl/50-default.sysctl | |
parent | 113d1861d5730e1e61e6583317f1c6baa9deb333 (diff) |
./tools/notsd-move
Diffstat (limited to 'src/grp-initprogs/systemd-sysctl/50-default.sysctl')
-rw-r--r-- | src/grp-initprogs/systemd-sysctl/50-default.sysctl | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/src/grp-initprogs/systemd-sysctl/50-default.sysctl b/src/grp-initprogs/systemd-sysctl/50-default.sysctl new file mode 100644 index 0000000000..f08f32e849 --- /dev/null +++ b/src/grp-initprogs/systemd-sysctl/50-default.sysctl @@ -0,0 +1,40 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +# See sysctl.d(5) and core(5) for documentation. + +# To override settings in this file, create a local file in /etc +# (e.g. /etc/sysctl.d/90-override.conf), and put any assignments +# there. + +# System Request functionality of the kernel (SYNC) +# +# Use kernel.sysrq = 1 to allow all keys. +# See http://fedoraproject.org/wiki/QA/Sysrq for a list of values and keys. +kernel.sysrq = 16 + +# Append the PID to the core filename +kernel.core_uses_pid = 1 + +# Source route verification +net.ipv4.conf.default.rp_filter = 1 +net.ipv4.conf.all.rp_filter = 1 + +# Do not accept source routing +net.ipv4.conf.default.accept_source_route = 0 +net.ipv4.conf.all.accept_source_route = 0 + +# Promote secondary addresses when the primary address is removed +net.ipv4.conf.default.promote_secondaries = 1 +net.ipv4.conf.all.promote_secondaries = 1 + +# Fair Queue CoDel packet scheduler to fight bufferbloat +net.core.default_qdisc = fq_codel + +# Enable hard and soft link protection +fs.protected_hardlinks = 1 +fs.protected_symlinks = 1 |